Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2013-12-17 |
| Product | Websphere Service Registry And Repository | Last view | 2014-12-24 |
| Version | 8.0.0.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:websphere_service_registry_and_repository | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.5 | 2014-12-24 | CVE-2014-6188 | Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 6 | 2014-12-24 | CVE-2014-6187 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5, 7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2 allow remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. |
| 4.3 | 2014-12-24 | CVE-2014-6179 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 3.5 | 2014-12-24 | CVE-2014-6178 | Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 4 | 2014-12-24 | CVE-2014-6155 | Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. |
| 4.3 | 2014-12-24 | CVE-2014-6153 | The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
| 3.5 | 2014-12-24 | CVE-2014-6132 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | 2014-05-30 | CVE-2014-3010 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| 3.5 | 2013-12-17 | CVE-2013-6721 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 11% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 11% (1) | CWE-310 | Cryptographic Issues |
| 11% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-B-0003 | Multiple Vulnerabilities in IBM WebSphere Service Registry and Repository Severity: Category I - VMSKEY: V0058195 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-01-20 | Name: The remote host has a web application installed that is affected by multiple ... File: websphere_service_registry_and_repository_6305.nasl - Type: ACT_GATHER_INFO |
| 2015-01-20 | Name: The remote host has a web application installed that is affected by multiple ... File: websphere_service_registry_and_repository_7005.nasl - Type: ACT_GATHER_INFO |
| 2015-01-20 | Name: The remote host has a web application installed that is affected by multiple ... File: websphere_service_registry_and_repository_7504_mult_vuln.nasl - Type: ACT_GATHER_INFO |
| 2015-01-20 | Name: The remote host has a web application installed that is affected by multiple ... File: websphere_service_registry_and_repository_8003.nasl - Type: ACT_GATHER_INFO |
| 2015-01-20 | Name: The remote host has a web application installed that is affected by multiple ... File: websphere_service_registry_and_repository_8501.nasl - Type: ACT_GATHER_INFO |
| 2013-12-16 | Name: The remote host has a web application installed that is affected by an authen... File: websphere_service_registry_and_repository_7504.nasl - Type: ACT_GATHER_INFO |
